diff --git a/app/(dashboard)/users/page.tsx b/app/(dashboard)/users/page.tsx
index 888ce615..6ff06b24 100644
--- a/app/(dashboard)/users/page.tsx
+++ b/app/(dashboard)/users/page.tsx
@@ -6,6 +6,7 @@ export default async function UsersPage() {
await requireAdmin();
const allUsers = await listUsers();
// Strip password hashes before sending to client
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
const safeUsers = allUsers.map(({ password_hash, ...rest }) => rest);
return ;
}
diff --git a/src/components/mtls-roles/MtlsRolesTab.tsx b/src/components/mtls-roles/MtlsRolesTab.tsx
index efcf1cd9..b5820b0d 100644
--- a/src/components/mtls-roles/MtlsRolesTab.tsx
+++ b/src/components/mtls-roles/MtlsRolesTab.tsx
@@ -6,12 +6,10 @@ import { Card, CardContent } from "@/components/ui/card";
import { Input } from "@/components/ui/input";
import { Label } from "@/components/ui/label";
import { Separator } from "@/components/ui/separator";
-import { Textarea } from "@/components/ui/textarea";
import { Alert, AlertDescription } from "@/components/ui/alert";
import { Checkbox } from "@/components/ui/checkbox";
-import { ShieldCheck, Plus, Trash2, UserPlus } from "lucide-react";
+import { ShieldCheck, Plus, UserPlus } from "lucide-react";
import { useState, useEffect, useCallback } from "react";
-import { AppDialog } from "@/components/ui/AppDialog";
import type { MtlsRole, MtlsRoleWithCertificates } from "@/lib/models/mtls-roles";
import type { IssuedClientCertificate } from "@/lib/models/issued-client-certificates";
diff --git a/src/lib/models/forward-auth.ts b/src/lib/models/forward-auth.ts
index 2f64e288..8afc3b8c 100644
--- a/src/lib/models/forward-auth.ts
+++ b/src/lib/models/forward-auth.ts
@@ -6,9 +6,6 @@ import {
forwardAuthExchanges,
forwardAuthAccess,
groupMembers,
- users,
- groups,
- proxyHosts
} from "../db/schema";
import { and, eq, gt, inArray, lt } from "drizzle-orm";
@@ -218,13 +215,13 @@ export async function checkHostAccessByDomain(
});
for (const ph of allHosts) {
- let domains: string[] = [];
+ let parsed: string[];
try {
- domains = JSON.parse(ph.domains);
+ parsed = JSON.parse(ph.domains);
} catch {
continue;
}
- if (domains.some((d) => d.toLowerCase() === host.toLowerCase())) {
+ if (parsed.some((d) => d.toLowerCase() === host.toLowerCase())) {
const hasAccess = await checkHostAccess(userId, ph.id);
return { hasAccess, proxyHostId: ph.id };
}
@@ -299,21 +296,21 @@ export async function isForwardAuthDomain(host: string): Promise {
});
for (const ph of allHosts) {
- let domains: string[] = [];
+ let parsed: string[];
try {
- domains = JSON.parse(ph.domains);
+ parsed = JSON.parse(ph.domains);
} catch {
continue;
}
- if (domains.some((d) => d.toLowerCase() === host.toLowerCase())) {
+ if (parsed.some((d) => d.toLowerCase() === host.toLowerCase())) {
// Check that this host actually has forward auth enabled
- let meta: Record = {};
+ let parsedMeta: Record;
try {
- meta = ph.meta ? JSON.parse(ph.meta) : {};
+ parsedMeta = ph.meta ? JSON.parse(ph.meta) : {};
} catch {
continue;
}
- const fa = meta.cpm_forward_auth as Record | undefined;
+ const fa = parsedMeta.cpm_forward_auth as Record | undefined;
if (fa?.enabled) return true;
}
}
diff --git a/tests/integration/forward-auth.test.ts b/tests/integration/forward-auth.test.ts
index 0cfa3eb8..9d2e2c86 100644
--- a/tests/integration/forward-auth.test.ts
+++ b/tests/integration/forward-auth.test.ts
@@ -6,7 +6,6 @@ import {
forwardAuthExchanges,
forwardAuthAccess,
groups,
- groupMembers,
users,
proxyHosts
} from '@/src/lib/db/schema';
@@ -26,10 +25,6 @@ function futureIso(seconds: number) {
return new Date(Date.now() + seconds * 1000).toISOString();
}
-function pastIso(seconds: number) {
- return new Date(Date.now() - seconds * 1000).toISOString();
-}
-
function hashToken(raw: string): string {
return createHash('sha256').update(raw).digest('hex');
}
diff --git a/tests/integration/mtls-access-rules-model.test.ts b/tests/integration/mtls-access-rules-model.test.ts
index d5e9e265..dddf7c83 100644
--- a/tests/integration/mtls-access-rules-model.test.ts
+++ b/tests/integration/mtls-access-rules-model.test.ts
@@ -9,7 +9,6 @@ import {
proxyHosts,
users,
} from '../../src/lib/db/schema';
-import { eq } from 'drizzle-orm';
let db: TestDb;
diff --git a/tests/integration/mtls-rbac.test.ts b/tests/integration/mtls-rbac.test.ts
index 67f6b9d7..76f03aea 100644
--- a/tests/integration/mtls-rbac.test.ts
+++ b/tests/integration/mtls-rbac.test.ts
@@ -8,7 +8,7 @@ import {
caCertificates,
proxyHosts,
} from '@/src/lib/db/schema';
-import { eq, and } from 'drizzle-orm';
+import { eq } from 'drizzle-orm';
let db: TestDb;
diff --git a/tests/integration/mtls-roles-model.test.ts b/tests/integration/mtls-roles-model.test.ts
index cb93b13c..f2140d13 100644
--- a/tests/integration/mtls-roles-model.test.ts
+++ b/tests/integration/mtls-roles-model.test.ts
@@ -6,13 +6,10 @@
import { describe, it, expect, beforeEach, vi } from 'vitest';
import { createTestDb, type TestDb } from '../helpers/db';
import {
- mtlsRoles,
- mtlsCertificateRoles,
issuedClientCertificates,
caCertificates,
users,
} from '../../src/lib/db/schema';
-import { eq, isNull } from 'drizzle-orm';
let db: TestDb;
diff --git a/tests/unit/caddy-mtls-leaf-override.test.ts b/tests/unit/caddy-mtls-leaf-override.test.ts
index 48825f9e..258fe015 100644
--- a/tests/unit/caddy-mtls-leaf-override.test.ts
+++ b/tests/unit/caddy-mtls-leaf-override.test.ts
@@ -5,7 +5,7 @@
* to ensure the new "trust user X" model works correctly alongside the legacy CA model.
*/
import { describe, it, expect } from 'vitest';
-import { buildClientAuthentication, pemToBase64Der } from '../../src/lib/caddy-mtls';
+import { buildClientAuthentication } from '../../src/lib/caddy-mtls';
function makeCaPem(label: string): string {
return `-----BEGIN CERTIFICATE-----\n${label}\n-----END CERTIFICATE-----`;